From owner-freebsd-questions@freebsd.org  Thu May 10 15:02:09 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B504FCC73D
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu, 10 May 2018 15:02:09 +0000 (UTC)
 (envelope-from guru@unixarea.de)
Received: from ms-10.1blu.de (mail.dpedia.de [178.254.4.101])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 046A06BAB3
 for <freebsd-questions@freebsd.org>; Thu, 10 May 2018 15:02:08 +0000 (UTC)
 (envelope-from guru@unixarea.de)
Received: from [88.217.102.219] (helo=localhost.unixarea.de)
 by ms-10.1blu.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.86_2) (envelope-from <guru@unixarea.de>)
 id 1fGn51-0005Jy-CJ; Thu, 10 May 2018 17:02:03 +0200
Received: from localhost.my.domain (localhost [127.0.0.1])
 by localhost.unixarea.de (8.15.2/8.14.9) with ESMTPS id w4AF20UL002842
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Thu, 10 May 2018 17:02:01 +0200 (CEST)
 (envelope-from guru@unixarea.de)
Received: (from guru@localhost)
 by localhost.my.domain (8.15.2/8.14.9/Submit) id w4AF1tln002838;
 Thu, 10 May 2018 17:01:55 +0200 (CEST)
 (envelope-from guru@unixarea.de)
X-Authentication-Warning: localhost.my.domain: guru set sender to
 guru@unixarea.de using -f
Date: Thu, 10 May 2018 17:01:54 +0200
From: Matthias Apitz <guru@unixarea.de>
To: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc: "James B. Byrne" <byrnejb@harte-lyne.ca>, freebsd-questions@freebsd.org
Subject: Re: ssh -X remote does not work due to problem with xauth
Message-ID: <20180510150154.GA2699@c720-r314251>
Reply-To: Matthias Apitz <guru@unixarea.de>
Mail-Followup-To: Valeri Galtsev <galtsev@kicp.uchicago.edu>,
 "James B. Byrne" <byrnejb@harte-lyne.ca>,
 freebsd-questions@freebsd.org
References: <mailman.103.1525953601.52518.freebsd-questions@freebsd.org>
 <587e3b37-c5c7-4af2-80e2-f7c040a4d221@unixarea.de>
 <7edbad31-8ac8-9c27-2536-9a9a37a579b6@kicp.uchicago.edu>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="LZvS9be/3tNcYl/X"
Content-Disposition: inline
In-Reply-To: <7edbad31-8ac8-9c27-2536-9a9a37a579b6@kicp.uchicago.edu>
X-Operating-System: FreeBSD 12.0-CURRENT r314251 (amd64)
X-message-flag: Mails containing HTML will not be read!  Please send only
 plain text.
User-Agent: Mutt/1.8.0 (2017-02-23)
X-Con-Id: 51246
X-Con-U: 0-guru
X-Originating-IP: 88.217.102.219
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 15:02:09 -0000


--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

El d=C3=ADa jueves, mayo 10, 2018 a las 09:38:16a. m. -0500, Valeri Galtsev=
 escribi=C3=B3:

>=20
>=20
> On 05/10/18 09:00, Matthias Apitz wrote:
> > On Thursday, 10 May 2018 14:34:27 CEST, James B. Byrne=20
> > <byrnejb@harte-lyne.ca> wrote:
> >>
> >> On Wed, May 9, 2018 14:09, Matthias Apitz wrote:
> >>
> >> What is the ownership of and permissions on .Xauthority on the remote
> >> host?
> >>
> >=20
> > It's owned by me, created as new if not there, but with size=3D0.
>=20
> Did you check that you are not up against hard quota, and the filesystem=
=20
> is not full? I already suggested that, but my message seems to miss your=
=20
> attention. One thing you can try on remote host is:

The remote host is one of our central development hosts, has not quota,
no file sys full and plenty much GB of disk space:

$ scp  /boot/kernel/kernel apitzm@s70devl:.
$ ssh apitzm@s70devl ls -lh kernel
-r-xr-xr-x 1 apitzm apitzm 26M 10. Mai 16:49 kernel
$ ssh apitzm@s70devl LANG=3DC df -kh .
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_root-lv_root  337G   68G  268G  21% /

> Another possibility on multi-user system when this works for others but=
=20
> not for you is if you as UNIX user is prohibited [X]-forwarding by=20
> sysadmin (-"fascist"). I as sysadmin only twice during last decade had=20
> to restrict one single user from doing something, but it still is the=20
> possibility.

I don't think, that our IT department does such things against the Tech Head
I am :-)

I do thank for all replies, but have to say, that all ignored the provided=
=20
truss output (at least in all replies). Here it is again and shows that
there is a LOCAL problem; the LOCAL /usr/local/bin/xauth tries to
create the LOCAL file /tmp/ssh-adSkh4btDHWr/xauthfile (perhaps to move it o=
ver
the SSH channel to the remote end) and it fails doing this:

$ grep xauth ssh.tr
 2505: stat("/usr/local/bin/xauth",{ mode=3D-rwxr-xr-x ,inode=3D15268663,si=
ze=3D41056,blksize=3D32768 }) =3D 0 (0x0)
 2505: write(2,"debug2: client_x11_get_proto: /usr/local/bin/xauth -f /tmp/=
ssh-adSkh4btDHWr/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout=
 1260 2>/dev/null\r\n",153) =3D 153 (0x99)
 2506: execve("/usr/local/bin/xauth",0x80145a260,0x80145a408) =3D 0 (0x0)
 2506: stat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",0x7fffffffdb80) ERR#2 'No s=
uch file or directory'
 2506: openat(AT_FDCWD,"/tmp/ssh-adSkh4btDHWr/xauthfile-c",O_WRONLY|O_CREAT=
|O_EXCL,0600) =3D 3 (0x3)
 2506: pathconf("/tmp/ssh-adSkh4btDHWr/xauthfile-c",_PC_LINK_MAX) =3D 32767=
 (0x7fff)
 2506: link("/tmp/ssh-adSkh4btDHWr/xauthfile-c","/tmp/ssh-adSkh4btDHWr/xaut=
hfile-l") =3D 0 (0x0)
 2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file o=
r directory'
 2506: open("/tmp/ssh-adSkh4btDHWr/xauthfile",O_RDONLY,0666) ERR#2 'No such=
 file or directory'
 2506: access("/tmp/ssh-adSkh4btDHWr/xauthfile",F_OK) ERR#2 'No such file o=
r directory'
 2506: write(2,"/usr/local/bin/xauth:  file /tmp/ssh-adSkh4btDHWr/xauthfile=
 does not exist\n",75) =3D 75 (0x4b)
 2506: access("/tmp/kde-guru/xauth-1001-_0",R_OK) =3D 0 (0x0)
 2506: open("/tmp/kde-guru/xauth-1001-_0",O_RDONLY,0666) =3D 4 (0x4)
 2506: write(2,"/usr/local/bin/xauth: (argv):1:  ",33) =3D 33 (0x21)
 2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-c",{ mode=3D-rw------- ,inode=
=3D24961,size=3D0,blksize=3D32768 }) =3D 0 (0x0)
 2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-c") =3D 0 (0x0)
 2506: lstat("/tmp/ssh-adSkh4btDHWr/xauthfile-l",{ mode=3D-rw------- ,inode=
=3D24961,size=3D0,blksize=3D32768 }) =3D 0 (0x0)
 2506: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile-l") =3D 0 (0x0)
 2505: unlink("/tmp/ssh-adSkh4btDHWr/xauthfile") ERR#2 'No such file or dir=
ectory'
 2505: write(2,"Warning: untrusted X11 forwarding setup failed: xauth key d=
ata not generated\r\n",78) =3D 78 (0x4e)

$ grep Sec ssh.tr
 2505: read(3,"\0\0\^A\^D\v\^_\0\0\0h\0\0\0\^Secdsa-sha2-nistp256\0\0\0\bni=
stp256\0\0\0A\^D\^Qa<x\^U\M-jW\M-Hy/\M-:\M-b\^Qc\M-\^\^SG\M^ZT|\M-ck7\M-H\M=
-s\M-gKNi\n\M^Ex\M-;D.\M-w\M-'\^O\^T\^Uls\M^Y\M-D\M-5{\M-6\M-3d\M-U\M-P\M-C=
k\M-*7\a\^U\^W\M-^\M^Il\M-n\M-,\0\0\0 M\M-G"...,8192) =3D 364 (0x16c)
 2506: write(2,"couldn't query Security extension on display ":0"\n",50) =
=3D 50 (0x32)

One can simulate the xauth call locally and without redirecting STDERR and
will see the same error:

$ /usr/local/bin/xauth -f /tmp/xauthfile generate :0 MIT-MAGIC-COOKIE-1 unt=
rusted timeout 1260
/usr/local/bin/xauth:  file /tmp/xauthfile does not exist
/usr/local/bin/xauth: (argv):1:  couldn't query Security extension on displ=
ay ":0"

This, and the fact that my colleagues do not face the problem, let me
strongly think in a LOCAL problem, maybe of the Xorg server which is xorg-7=
=2E7_2
=66rom the ports.

Thanks again for reading my post.

	matthias
--=20
Matthias Apitz, =E2=9C=89 guru@unixarea.de, http://www.unixarea.de/ +49-176=
-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: =D0=A1=D0=BF=D0=B0=D1=81=D0=B8=CC=81=D0=B1=D0=BE =D0=BE=D1=81=D0=B2=
=D0=BE=D0=B1=D0=BE=D0=B4=D0=B8=D1=82=D0=B5=D0=BB=D0=B8! Thank you very much=
, Russian liberators!

--LZvS9be/3tNcYl/X
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXmn7rBYYViyzy/vBR8z35Hb+nREFAlr0Xt8ACgkQR8z35Hb+
nRFgwxAAkrfh+dibUbKJfqmDNIIdDWUPOFHoz8IIOQmanfczJwSMV0fXVMH572CJ
Mc88PVHO3f8+l//Go82NJx0saHkac+VYGCgkpXga5DfFI55NhDSyPm5PsRq6NLt4
X10Al/71RGAtkcB1m51lW6CpqXk0eI02at4NfgqmTqTJL/9bLqrNKMbl84aUPWdN
8PgxXeXyZ4Rmrae9QhTG9O1e4noWg+esNXO8bGTdCjf9cHJ/514XqGrhE3++wRjG
nkstd+7oVm05pc1M/k4EIwSoZ5ga1g3ePs/3U7L+3xPOwGP0oUXFVqkm+H9LtOxz
JkyMPBnGGre7mddMQTyNdf301thB4HN5ycrqlnTiG13jioA2YESF/xLHry7ddJGF
Ti6ynma+VacYHelcWubVxHMTQWTRD1rld3MNWzBwDm5d3tEg/8i+VXpJTf+aZgTM
+N2+vfQNpFI+6nvmgt/k27u2pmK8WohLS0f+cMZ549k04LiI0DJFeOUG1Vy4ha11
Sa9yxeabxf/imECvtg9P9r9OeM2R9jH1+5e+VvQZXAIQr8SzO32jlnhQhurFKxAR
R7R3D0XTDCc3y1uqdq8GRY7xI4Ldhgr9xpcHBx2EPWdX7004HChdx6lWV3VtDwKG
zyarTAuS5S818w0tWFyWkpEyGveUjXvlcezWzxMw/1NH0L1T03I=
=dd9/
-----END PGP SIGNATURE-----

--LZvS9be/3tNcYl/X--